A new strain of android malware has been found targeting banking and social media apps. Reports suggest around 94 different banking apps are currently being targeted including Santander, American Express, and Paypal. The malware overlays the screen for these other apps, stealing the user’s credentials once activated. It’s also targeting a lot of common social media apps including Facebook, Twitter, Snapchat, LinkedIn, Instagram and more. Kevin Bocek, Chief Security Strategist at Venafi commented below.

Kevin Bocek, Chief Security Strategist at Venafi:

kevin bocek“Android malware masquerading as common banking and social media applications is nothing new. The trend in Android malware – as we’ve seen with Windows malware so many times before – is to gain more and more control. The ultimate objective of many types of malware is to gain access to digital certificates stored in Android devices. Once this objective is achieved the sky is the limit for cyber criminals; they can write malware that will encrypt a device and hold it for ransom, steal data, or use the device to launch more attacks inside businesses. Businesses should find this trend very alarming.

Unfortunately, businesses have very limited awareness of how they use certificates for authentication on mobile devices and lack control, so they are unable to hit the kill switch when an attack like this one surfaces.”

Information Security Buzz